27 lines
1.0 KiB
Markdown
27 lines
1.0 KiB
Markdown
|
# Meltdown
|
||
|
|
||
|
* [PoC from IAIK](https://github.com/IAIK/meltdown.git)
|
||
|
![Overview](https://gcdn.pbrd.co/images/IitOpaf.png?raw=true "Meltdown")
|
||
|
|
||
|
* Each page table entries has the following flag values
|
||
|
* SUP (user or kernel mode)
|
||
|
* READ
|
||
|
* WRITE
|
||
|
|
||
|
* Flags are checked by the MMU
|
||
|
|
||
|
* Pipelined steps of an instruction are the following
|
||
|
* Fetch
|
||
|
* Decode
|
||
|
* Execute
|
||
|
* Memory access
|
||
|
* Register write back
|
||
|
|
||
|
* A pipeline can execute one of each steps concurrently every clock cycle.
|
||
|
* The MMU may jump between instruction queued in the pipeline to make use of time while the current instruction stalls.
|
||
|
* __Speculative execution__ is the reordering of instructions to speed up execution inside the pipeline.
|
||
|
* If a condition is executed speculatively, kernel memory may be executed. No error is thrown, because the is no assurance if the condition will actually be executed in the end.
|
||
|
|
||
|
* [Kernel Page Table Isolation](http://www.brendangregg.com/blog/2018-02-09/kpti-kaiser-meltdown-performance.html) can be used to mitigate meltdown.
|
||
|
|